﻿@page
@using LocalizeMessagesAndErrors
@using Microsoft.AspNetCore.Identity
@using Microsoft.AspNetCore.Mvc.TagHelpers
@inject ISimpleLocalizer SimpleLocalizer

@model IndexModel
@{
    ViewData["Title"] = "Home page";
}

<div class="text-center">
    <h2>@SimpleLocalizer.LocalizeString(
            "Example1 - looking at Roles/Permissions, plus localization", this)</h2>
</div>

<h4>Application summary</h4>
<ul>
    <li>
        <strong>@SimpleLocalizer.LocalizeString("Application", this)</strong>:&nbsp;
        @SimpleLocalizer.LocalizeString(Model.AppSummary.Application, this)
    </li>
    <li>
        <strong>@SimpleLocalizer.LocalizeString("Authorization Provider", this)</strong>:&nbsp;
        @SimpleLocalizer.LocalizeString(Model.AppSummary.AuthorizationProvider, this)
    </li>
    <li>
        <strong>@SimpleLocalizer.LocalizeString("Cookie or Token", this)</strong>:&nbsp;
        @SimpleLocalizer.LocalizeString(Model.AppSummary.CookieOrToken, this)
    </li>
    <li>
        <strong>@SimpleLocalizer.LocalizeString("MultiTenant?", this)</strong>:&nbsp;
        @SimpleLocalizer.LocalizeString(Model.AppSummary.MultiTenant, this)
    </li>
    <li>
        <strong>@SimpleLocalizer.LocalizeString("Databases", this)</strong>:&nbsp;
        <ul>
            @foreach (var database in Model.AppSummary.Databases)
            {
                <li>@SimpleLocalizer.LocalizeString(database, this)</li>
            }
        </ul>
    </li>
    @if (Model.AppSummary.Note != null)
    {
        <li>
            <strong>@SimpleLocalizer.LocalizeString("Note", this)</strong>:&nbsp;
            @SimpleLocalizer.LocalizeString(Model.AppSummary.Note, this)
        </li>
    }
</ul>
<h4>How to try out this example (in English only)</h4>

<p>
    To test these authorization features you will need some users to log in.
    <br />
    NOTE: The Email address is also the password in these cases.
</p>
<ul>
    @foreach (var user in @Model.Users ?? new List<IdentityUser>() )
    {
        <li><strong>@user.UserName</strong></li>
    }
</ul>


<h3>AuthPermissions authorization approaches</h3>
<p>
    In summary, AuthPermissions roles are contain a series of <i>Permissions</i>.
    This means that a user can have roles, but if you want to what change what a
    role does, then you don't need to edit your code - you just change the Role's
    permissions in the AuthPermissions database.
</p>
<p>
    In this example:
</p>
<ul>
    <li>The Trainee user has no AuthP roles, so they can't access the two pages below</li>
    <li>The Staff user, has a Role1, which only has Permission1, so they can't open the second link</li>
    <li>The Manager user, has a Role2, which has Permission1 and Permission2, so they open both links</li>
</ul>
<table class="table">
    <thead>
        <tr>
            <th>Link to razor page</th>
            <th>Access</th>
            <th>Auth type</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>
                <a class="nav-link text-primary" asp-area="" asp-page="/AuthPermissions/NeedsPermission1">Logged in page</a>
            </td>
            <td>User must have Permission1</td>
            <td>
                Add <code>[HasPermission(Example1Permissions.Permission1)]</code> to the Razor Page method
            </td>
        </tr>
        <tr>
            <td>
                <a class="nav-link text-primary" asp-area="" asp-page="/AuthPermissions/NeedsPermission2">Logged in page</a>
            </td>
            <td>User must have Permission2</td>
            <td>
                Test the user with <code>User.HasPermission(Example1Permissions.Permission2)</code> 
                <hr />
                The <code>HasPermission</code> method is useful in Blazor and razor pages
            </td>
        </tr>
    </tbody>
</table>

<h3>The normal ASP.NET Core authorization approaches</h3>
<p>Compare this with ASP.NET Core authorization approaches</p>
<table class="table">
    <thead>
        <tr>
            <th>Link to razor page</th>
            <th>Access</th>
            <th>Auth type</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>
                <a class="nav-link text-primary" asp-area="" asp-page="/AuthBuiltIn/Public">Public page</a>
            </td>
            <td>Anyone</td>
            <td>Same with with AuthPermissions</td>
        </tr>
        <tr>
            <td>
                <a class="nav-link text-primary" asp-area="" asp-page="/AuthBuiltIn/LoggedInAuthorize">Logged in page</a>
            </td>
            <td>Must be logged in</td>
            <td>
                Using <code>[Authorize]</code> attribute on the Razor Page method.
                      <hr />
                Same with with AuthPermissions.
            </td>
        </tr>
    <tr>
            <td>
                Not shown
            </td>
            <td>Must have individual accounts' "Manager" role</td>
            <td>
                Using <code>[Authorize(Roles = "Manager"]</code> attribute on the Razor Page method
                <hr/>
                DIFFERENT in AuthPermissions. No need to edit/redeploy your app if Role change
            </td>
        </tr>
</table>